U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-23060 - In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected leng... read CVE-2026-23060
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23061 - In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB me... read CVE-2026-23061
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23062 - In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: T... read CVE-2026-23062
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23063 - In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully relea... read CVE-2026-23063
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23064 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for ... read CVE-2026-23064
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23065 - In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_dsm() fails. This causes a memory leak in the er... read CVE-2026-23065
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23066 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at the front of the recvmsg queue already has its mutex locke... read CVE-2026-23066
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23067 - In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix size_t signedness bug in unmap path __arm_lpae_unmap() returns size_t but was returning -ENOENT (negative error code) when encountering an unmapped PTE... read CVE-2026-23067
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23068 - In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller(... read CVE-2026-23068
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-23069 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_a... read CVE-2026-23069
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23654 - Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
    Published: March 10, 2026; 2:18:13 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-26123 - Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
    Published: March 10, 2026; 4:16:34 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-26105 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
    Published: March 10, 2026; 2:18:38 PM -0400

    V3.1: 9.3 CRITICAL

  • CVE-2026-26111 - Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
    Published: March 10, 2026; 2:18:39 PM -0400

  • CVE-2026-31796 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
    Published: March 10, 2026; 2:19:00 PM -0400

  • CVE-2026-31795 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-31794 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d() causing a denial of service. This vulnerability is ... read CVE-2026-31794
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-31793 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence() causing denial of service. This vu... read CVE-2026-31793
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-31792 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerabilit... read CVE-2026-31792
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-30987 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2... read CVE-2026-30987
    Published: March 10, 2026; 2:18:58 PM -0400